» divx.web.player.installer__8420_il17957.exe
Overview
Analysis
File Details
Network (3)

divx.web.player.installer__8420_il17957.exe

The application divx.web.player.installer__8420_il17957.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. While running, it connects to the Internet address server-54-192-53-95.jfk6.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

Version:

1.1.5.90

MD5:

8edb81d2a59e4a18eef05dd39c051340

SHA-1:

9c3138eaaab8e4a9bd94868e8ca0e115f9c27228

SHA-256:

ca699818f1b901c530c1f7be5ead43dae0a7ec052e96b81cf4b1d6e5b0c1cb9f

Scanner detections:

16 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 11:48:18 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Amonetize

7.1.1

AhnLab V3 Security

PUP/Win32.Amonetiz

2015.06.18

Avira AntiVirus

ADWARE/Amonetize.561664

8.3.1.6

avast!

Win32:Adware-gen [Adw]

2014.9-150716

AVG

BundleApp

2016.0.3047

Baidu Antivirus

PUA.Win32.Amonetize

4.0.3.15716

Comodo Security

Packed.Win32.MUPX.Gen

22485

ESET NOD32

Win32/Amonetize.FG potentially unwanted application

7.0.302.0

Fortinet FortiGate

Adware/Amonetize

7/16/2015

K7 AntiVirus

Adware

13.205.16384

Kaspersky

not-a-virus:AdWare.Win32.Amonetize

14.0.0.1728

NANO AntiVirus

Riskware.Win32.Amonetize.dtdcao

0.30.24.2266

Panda Antivirus

Generic Suspicious

15.07.16.09

Qihoo 360 Security

HEUR/QVM11.1.Malware.Gen

1.0.0.1015

Trend Micro

TROJ_GEN.R01TC0EFQ15

10.465.16

VIPRE Antivirus

Trojan.Win32.Generic

41512

File size:

548.5 KB (561,664 bytes)

Product version:

1.1.5.90

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

File PE Metadata

Compilation timestamp:

6/17/2015 6:06:37 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:2LO5Y7kbS4DC+Q9UfkBZxEiz+Nj5eqTy+c4YlOE5eQEz:OshO+Q9eke5hTyXtQI/O

Entry address:

0x185DF0

Entry point:

60, BE, 00, C0, 46, 00, 8D, BE, 00, 50, EF, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Packer / compiler:

UPX 2.90LZMA

Code size:

492 KB (503,808 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-54-230-52-185.jfk6.r.cloudfront.net (54.230.52.185:80)

TCP (HTTP):

Connects to server-54-192-53-95.jfk6.r.cloudfront.net (54.192.53.95:80)

TCP (HTTP):

Connects to ec2-54-225-244-105.compute-1.amazonaws.com (54.225.244.105:80)

Remove divx.web.player.installer__8420_il17957.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.